{"id":"AZL-29758","summary":"CVE-2023-4863 affecting package libwebp for versions less than 1.3.2-1","details":"Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)","modified":"2026-04-01T05:10:39.379131Z","published":"2023-09-12T15:15:24Z","upstream":["CVE-2023-4863"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4863"}],"affected":[{"package":{"name":"libwebp","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/libwebp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-29758.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}